CVE-2026-30239

Medium CVSS: 6.5

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. This allowed all users in the application to delete work package budget assignments. This vulnerability is fixed in 17.2.0.

Vendor

Openproject

Product

Openproject

CWE

CWE-863

Yayın Tarihi

2026-03-11 17:16:57

Güncelleme

2026-03-13 19:01:28

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-863 Openproject MEDIUM Openproject 2026

Referanslar

https://github.com/opf/openproject/security/advisories/GHSA-gpvh-g967-g4h8

Benzer Kayıtlar

Critical

CVE-2026-32698

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2…

Critical

CVE-2026-32703

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 1…

Low

CVE-2026-31974

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint (P…

Medium

CVE-2026-30235

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to…

Medium

CVE-2026-30236

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and…

Medium

CVE-2026-30234

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member w…